Timelines \r\n \r\n On November 24, 2021, the Apache Foundation was privately notified by Alibaba’s Cloud Security team that Log4j , a widely used Java-based logging library, contained a major vulnerability that could result in the leaking of private information as well as remote code execution (RCE).  This vulnerability had been present since 2013. \r\n The following day, the Apache Foundation reserved CVE-2021-44228 and began researching a fix.  Over the next 12 days, several changes were introduced into the source code to address the issue, and on December 9, 2021, the vulnerability was publicly disclosed . \r\n This resulted in a flood of exploit attempts that have been growing at an alarming rate ever since. \r\n What is Log4j? \r\n To truly understand the vulnerability, we need to understand what Log4j is. Log4j is a library that enjoys widespread usage among developers in the Java community.…